Hacker News
by KukicAdnan 2395 days ago
So because someone gives bad advice or has a bad understanding of a technology, you should not use it? Seems a little dramatic, don't you think?

JWTs, like most things, work perfectly fine if implemented properly and you understand what you're doing.

1 comment

Alternatively you could just use a token that has sane defaults, rather than having a tool that could bite you or could bite your organization after you depart.
I've implemented JWTs in apps more times than I'd like to think about, and never has it been done without ensuring the tokens are signed, signing keys rotated regularly, tokens having a short lifecycle, etc., and none of these required some deep expert knowledge, just a couple of hours of research on best practices.

Again, it's not about the tool, it's how you use it.
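The controls the reply above lists (signed tokens, rotated signing keys, short lifetimes) as an added, stdlib-only worked example. This is not code from the thread or from any commenter; the key identifiers, secrets, claims and timestamps are constructed for illustration. It also goes one step beyond the comment's list and shows why the verifier, not the token, must choose the algorithm: the `alg: none` forgery and a re-encoded payload are both rejected before any claim is trusted.

```python
"""HS256 JWT issue/verify with an algorithm allowlist, kid-based key
rotation and a capped lifetime. Stdlib only; all keys and claims below
are constructed for this example."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed keyring (a real service loads this from a secrets store).
# During rotation the previous key stays verify-only until every token
# signed with it has expired, then it is removed from the keyring.
KEYRING = {
    "2024-05": b"example-current-key-do-not-ship",   # signs new tokens
    "2024-04": b"example-previous-key-verify-only",  # accepted, not used to sign
}
CURRENT_KID = "2024-05"
ALLOWED_ALGS = {"HS256"}   # one algorithm per verifier; never "none"
MAX_TTL = 15 * 60          # hard cap on token lifetime, in seconds


class TokenError(Exception):
    """Raised for any reason a token must not be trusted."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode(header: dict, payload: dict, key: bytes) -> str:
    """Serialise header.payload and append an HMAC-SHA256 tag over it."""
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(mac)}"


def sign(claims: dict, ttl: int = 300, now: Optional[int] = None,
         kid: str = CURRENT_KID) -> str:
    """Issue a token; exp is server-chosen and capped, never taken from the caller."""
    if not 0 < ttl <= MAX_TTL:
        raise ValueError(f"ttl must be in (0, {MAX_TTL}]")
    now = int(time.time()) if now is None else now
    payload = {k: v for k, v in claims.items() if k not in ("iat", "exp")}
    payload.update(iat=now, exp=now + ttl)
    return _encode({"alg": "HS256", "typ": "JWT", "kid": kid}, payload, KEYRING[kid])


def verify(token: str, now: Optional[int] = None) -> dict:
    """Return the claims only if alg, kid, signature and exp all check out."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(_b64url_decode(h_b64))
        signature = _b64url_decode(s_b64)
    except ValueError as exc:           # covers binascii.Error and bad JSON/UTF-8
        raise TokenError("undecodable header or signature") from exc
    # 1. The verifier pins the algorithm; the token's alg field only has to match.
    if header.get("alg") not in ALLOWED_ALGS:
        raise TokenError(f"algorithm {header.get('alg')!r} not allowed")
    # 2. Key lookup by kid against the server keyring; unknown or retired kid => reject.
    key = KEYRING.get(header.get("kid"))
    if key is None:
        raise TokenError("unknown or retired kid")
    # 3. Constant-time tag comparison before the payload is even parsed.
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    try:
        payload = json.loads(_b64url_decode(p_b64))
    except ValueError as exc:
        raise TokenError("undecodable payload") from exc
    # 4. exp is mandatory; a missing exp is a rejection, not "no expiry".
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise TokenError("token expired or exp missing")
    return payload


def outcome(token: str, now: int) -> str:
    try:
        return "ok:" + verify(token, now)["sub"]
    except TokenError as exc:
        return "rejected:" + str(exc)


def demo(now: int = 1_700_000_000) -> dict:
    """Exercise rotation plus the classic failure modes; returns scenario -> outcome."""
    fresh = sign({"sub": "alice"}, ttl=300, now=now)
    previous = sign({"sub": "bob"}, ttl=300, now=now, kid="2024-04")
    # Signed with a key already removed from the keyring after rotation.
    retired = _encode({"alg": "HS256", "kid": "2024-03"},
                      {"sub": "mallory", "exp": now + 300}, b"retired-key")
    # The 'alg: none' forgery: well-formed token, empty signature.
    forged = ".".join([_b64url(json.dumps({"alg": "none", "kid": CURRENT_KID}).encode()),
                       _b64url(json.dumps({"sub": "admin", "exp": now + 300}).encode()), ""])
    # A genuine token whose payload was swapped without re-signing.
    h, _, s = fresh.split(".")
    tampered = ".".join([h, _b64url(json.dumps({"sub": "admin", "exp": now + 300}).encode()), s])
    return {"fresh": outcome(fresh, now + 60), "expired": outcome(fresh, now + 300),
            "previous_key": outcome(previous, now + 60), "retired_key": outcome(retired, now + 60),
            "alg_none": outcome(forged, now + 60), "tampered": outcome(tampered, now + 60)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} {result}")
```

Rotation is handled by keeping the old key in `KEYRING` as verify-only for at least `MAX_TTL` after the switch and then deleting it; the short lifetime is what makes that window small enough to be practical. A real deployment would also pin `iss` and `aud` and fetch keys from a store rather than a module constant.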